Managing SecurID

SecurID Realms

SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics.

If a SecurID card is in new PIN mode and the new PIN is coming from the access server, the new PIN is displayed for 10 seconds and then erased.

Minimal Setup for SecurID

The minimal configuration requires the following commands to set up the remote ports used for communication with SecurID. These features must be assigned in order for any communication with SecurID or SecurID accounting to take place.

The following example shows the command used to set up SecurID security:

Local> CHANGE SECURID REALM realm-name

This command defines and initializes a new SecurID realm:

Local> CHANGE SECURID REALM JONAS.COM AUTHEN HOST ip-addr

Optional Setup for SecurID

The commands in the following examples configure additional security parameters for SecurID. They define a SecurID accounting node, the maximum timeout period for a SecurID reply, and the interval between retries of an authentication request.

Local> CHANGE SECURID TIMEOUT seconds

This command defines the maximum timeout for a SecurID reply.

Local> CHANGE SECURID INTERVAL seconds

This command defines the interval between retries of an authentication request.

Local> CHANGE SECURID REALM realm-name INCLUDE

This command causes the realm name to be included as part of the user name sent to SecurID. Realm name inclusion is used for the SecurID proxy authentication service. See the Network Access Server Command Reference for more information on this command.

22-24 Managing Access Server Security
